LinuxQuestions.org


mbin 09-12-2007 05:56 AM

bypassing 'iptables' & 'squid'
 
I'm using 'Linux Red Hat 9' as proxy server.

Everything is fine, except a few sites which won’t go through the proxy. How can I bypass it by editing 'iptables' or 'squid'?

Rgds

blackhole54 09-12-2007 06:41 AM

If you are running squid as a transparent proxy, add entries to your PREROUTING table that use "-j RETURN" before the entry that does the REDIRECT or DNAT. For example:

Code:

iptables -t nat -A PREROUTING -d www.linuxquestions.org -j RETURN
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

would send LQ requests directly to the Internet, but redirect everything else to the proxy listening on 8080.

Alternatively, with either a transparent or non-transparent proxy, I think you could use privoxy as your first proxy. You can then run privoxy "disabled" (which means it won't make any modification to requests or web pages) but configure it so that it passes most requests on to squid, but passes select URLs directly to the Internet.
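
As an added example (not part of the original posts), this shell function audits `iptables-save` output for the rule ordering described above: it lists which destinations bypass the proxy and flags RETURN rules placed after the REDIRECT/DNAT entry. The sample ruleset and its addresses are constructed, and it assumes a single catch-all redirect rule in PREROUTING.

```shell
#!/bin/sh
# Added example: audit the order of proxy-bypass rules in nat/PREROUTING.
# On a live host, feed it real data:  iptables-save -t nat | audit_prerouting

# Constructed sample of `iptables-save -t nat` output (documentation addresses).
# iptables-save shows addresses, not names: a hostname given to -d is resolved
# once, when the rule is added, so the exception can go stale if the site moves.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -d 198.51.100.7/32 -j RETURN
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one line per RETURN rule in
# PREROUTING:
#   BYPASS <dest>       rule precedes the first REDIRECT/DNAT, so traffic to
#                       <dest> skips the proxy (and its filtering and logging)
#   INEFFECTIVE <dest>  rule follows the redirect; redirected traffic never
#                       reaches it (assumes one catch-all redirect rule)
audit_prerouting() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            target = ""; dest = "any"
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                # Keep a leading "!" so negated matches are not misreported.
                if ($i == "-d") dest = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            }
            if (target == "REDIRECT" || target == "DNAT") {
                seen = 1
            } else if (target == "RETURN") {
                status = seen ? "INEFFECTIVE" : "BYPASS"
                print status, dest
            }
        }
    '
}

sample_rules | audit_prerouting
```

Every BYPASS line is a destination the proxy no longer sees, so the list is worth reviewing whenever the ruleset changes.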

mbin 09-12-2007 07:31 AM

Where should I make changes, in iptables or squid? HTTPS (secure sites & streamer) are not working.

win32sux 09-12-2007 07:54 AM

What exactly do you mean by "are not working"? Do you get an Access Denied Squid error page? Is it happening with all HTTPS sites? What does the log file show? This doesn't sound like something you'd wanna fix with iptables, at least it doesn't sound that way yet. We need more information to understand what your situation is. Please be as verbose as possible.

win32sux 09-12-2007 08:20 AM

Also, please post your squid.conf (minus comments and spaces):
Code:

cat /etc/squid/squid.conf | grep -v ^# | grep -v ^$


All times are GMT -5.